General
  Target: 9005436ea8f7c0dede260d1b249540c94a02431afe4d26956b4199705577ea62
  Size: 742KB
  Sample: 221126-kybhcsff34
  MD5: 39c0e005cd2892a7b315081f9db6dc37
  SHA1: e9c2dda548ca0f53939d8bbf9228a92977964341
  SHA256: 9005436ea8f7c0dede260d1b249540c94a02431afe4d26956b4199705577ea62
  SHA512: e5b258b62685152ba0387a280a27957c6cd78848d31a7cd65089c0c8dbd0d59d65089f702fe0dd8e759a27c2974219f9c170ba67c6457a4725a8b09dc69ce77e
  SSDEEP: 12288:T2359uMww1bLO6ejFn8KL8XdChu/FiMZgi7hLEsOYt4ZmwjHCmac95RDOqruN2mE:S5p126wFn8KL8tz4MZHVLJtimSimHROY
Static task: static1
Behavioral task: behavioral1
  Sample: 9005436ea8f7c0dede260d1b249540c94a02431afe4d26956b4199705577ea62.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 9005436ea8f7c0dede260d1b249540c94a02431afe4d26956b4199705577ea62.exe
  Resource: win10v2004-20221111-en
Malware Config
Extracted from: C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\!Decrypt-All-Files-fpcelmn.txt
  http://fizxfsi3cad3kn7v.onion.cab
  http://fizxfsi3cad3kn7v.tor2web.org
  http://fizxfsi3cad3kn7v.onion/
Extracted from: C:\Users\Admin\Documents\!Decrypt-All-Files-fpcelmn.txt
  http://fizxfsi3cad3kn7v.onion.cab
  http://fizxfsi3cad3kn7v.tor2web.org
  http://fizxfsi3cad3kn7v.onion/
Targets
  Target: 9005436ea8f7c0dede260d1b249540c94a02431afe4d26956b4199705577ea62
  Size: 742KB
  (MD5, SHA1, SHA256, SHA512 and SSDEEP are identical to the values listed under General)
  Score: 10/10
  Executes dropped EXE
  Modifies extensions of user files
    Ransomware generally changes the extension on encrypted files.
  Drops desktop.ini file(s)
  Sets desktop wallpaper using registry